[c-nsp] NPE G1, CEF and ACLs and high CPU
Łukasz Bromirski
lukasz at bromirski.net
Tue Sep 9 17:51:19 EDT 2008
sthaug at nethelp.no wrote:
>> I have no clue whether they're actually faster or
>> not at filtering packets.
>
> Can PIX/ASA filter 10 Gig minimum sized packets at line rate (like many
> core routers can)? I notice the data sheet for the ASA 5580-40 claims 10
> Gbps (real-world HTTP), 20 Gbps (jumbo frames) - but there's no mention
> of minimum sized packets.
As You're propably know - not. Filtering packets without keeping
state for session is a lot simpler and implemented for years in
hardware. With NPs like those used in ASA5580 and FWSM you can
accelerate inspection of some of the traffic, but not all of course.
--
"Don't expect me to cry for all the | Łukasz Bromirski
reasons you had to die" -- Kurt Cobain | http://lukasz.bromirski.net
More information about the cisco-nsp
mailing list